Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? - agentzh - ru.sysoev.nginx

9 messages in ru.sysoev.nginxRe: Is nginx vulnerable to the Hash T...

From	Sent On	Attachments
Justin Hart	Dec 31, 2011 10:37 am
Maxim Dounin	Dec 31, 2011 4:34 pm
agentzh	Dec 31, 2011 9:53 pm
Justin Hart	Dec 31, 2011 9:58 pm
agentzh	Jan 1, 2012 6:20 am
Nginx User	Jan 1, 2012 6:31 am
Sergey A. Osokin	Jan 1, 2012 10:37 am
agentzh	Jan 4, 2012 3:47 am
Nginx User	Jan 4, 2012 12:01 pm

Subject:	Re: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?
From:	agentzh (agen...@gmail.com)
Date:	Dec 31, 2011 9:53:31 pm
List:	ru.sysoev.nginx

On Sun, Jan 1, 2012 at 2:37 AM, Justin Hart <onyx...@gmail.com> wrote:

http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale

Without going through the way nginx parses an incoming request, I'm unsure if nginx isn't vulnerable to this, because of the availability to grab the value of a GET parameter via http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. My hope is that especially if an $arg_PARAMETER isn't used in the config, it is not vulnerable because it wouldn't even attempt to parse the parameters, but I can't be sure.

Well, the $arg_PARAMETER variable is not implemented with hash tables at all ;) It scans the URI query string at every invocation :)

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets